Crash in [@ nsIFrame::PresContext]
Categories
(Core :: Disability Access APIs, defect)
Tracking
()
People
(Reporter: gsvelto, Assigned: morgan)
Details
(Keywords: crash)
Crash Data
Attachments
(1 file)
|
48 bytes,
text/x-phabricator-request
|
diannaS
:
approval-mozilla-release+
ryanvm
:
approval-mozilla-esr115+
|
Details | Review |
Crash report: https://crash-stats.mozilla.org/report/index/4ccfaea2-a1e8-41b5-bc8a-6df360230829
Reason: EXCEPTION_ACCESS_VIOLATION_READ
Top 10 frames of crashing thread:
0 xul.dll nsIFrame::PresContext const layout/generic/nsIFrame.h:607
0 xul.dll nsLayoutUtils::FindNearestCommonAncestorFrame layout/base/nsLayoutUtils.cpp:2170
1 xul.dll nsLayoutUtils::TransformRect layout/base/nsLayoutUtils.cpp:2426
2 xul.dll mozilla::a11y::HTMLAreaAccessible::ParentRelativeBounds accessible/html/HTMLImageMapAccessible.cpp:200
3 xul.dll mozilla::a11y::LocalAccessible::BundleFieldsForCache accessible/generic/LocalAccessible.cpp:3405
4 xul.dll mozilla::a11y::DocAccessibleChild::SerializeAcc accessible/ipc/DocAccessibleChild.cpp:63
5 xul.dll mozilla::a11y::DocAccessibleChild::InsertIntoIpcTree accessible/ipc/DocAccessibleChild.cpp:97
6 xul.dll mozilla::a11y::DocAccessibleChild::ShowEvent accessible/ipc/DocAccessibleChild.cpp:109
6 xul.dll mozilla::a11y::LocalAccessible::HandleAccEvent accessible/generic/LocalAccessible.cpp:868
7 xul.dll nsEventShell::FireEvent accessible/base/nsEventShell.cpp:54
These crashes appear to be caused by one of the two frames being compared here being NULL.
To tell the crashes with this stack apart from the others under this signature one can use this query.
|
||
Comment 1•2 years ago
|
||
cc-ing Morgan, who may be interested in this
|
Assignee | |
Comment 2•2 years ago
|
||
:nlapre did you do some html area work recently? I can't find the bug you were working on, but if you could link me that'd be great. Area elements don't have frames, so I'm wondering if something changed in how we consider them relative to their image map containers that makes this bounding frame calculation break.
|
|
||
Comment 3•2 years ago
|
||
Kinda, yeah - I made changes such that we report a generic role for area elements with no href attribute (and no click listener) in Bug 854796. I think I only changed how we report roles, which I don't think would affect this? But I sure have been wrong before.
|
||
Comment 4•2 years ago
|
||
This crash first started appearing on 2023-03-12. So I don't think it could have been bug 854796.
|
|
||
Comment 5•2 years ago
•
|
||
We're seeing ~70 crashes a week here, so I'm going to triage this as s2 for now.
|
||
Comment 6•2 years ago
|
||
The bug is linked to a topcrash signature, which matches the following criterion:
- Top 10 AArch64 and ARM crashes on beta
For more information, please visit BugBot documentation.
|
|
Assignee | |
Updated•2 years ago
|
|
|
||
Comment 7•2 years ago
|
||
Based on the topcrash criteria, the crash signature linked to this bug is not a topcrash signature anymore.
For more information, please visit BugBot documentation.
|
|
Assignee | |
Comment 8•2 years ago
|
||
|
||
Comment 10•2 years ago
|
||
| bugherder | ||
|
||
Updated•2 years ago
|
|
|
||
Comment 11•2 years ago
|
||
The patch landed in nightly and beta is affected.
:morgan, is this bug important enough to require an uplift?
- If yes, please nominate the patch for beta approval.
- If no, please set
status-firefox120towontfix.
For more information, please visit BugBot documentation.
| Comment hidden (obsolete) |
|
|
||
Updated•2 years ago
|
|
|
Assignee | |
Updated•2 years ago
|
|
|
Assignee | |
Comment 13•2 years ago
|
||
Comment on attachment 9363341 [details]
Bug 1851441: Speculative fix for image map/html area element crash r?Jamie
Beta/Release Uplift Approval Request
- User impact if declined: Users will continue to experience this crash.
- Is this code covered by automated tests?: No
- Has the fix been verified in Nightly?: No
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): This change adds a null check and removes dead code.
- String changes made/needed:
- Is Android affected?: Unknown
|
|
||
Updated•2 years ago
|
|
||
Comment 14•2 years ago
|
||
Comment on attachment 9363341 [details]
Bug 1851441: Speculative fix for image map/html area element crash r?Jamie
Approved for 120.0.1 dot release
|
||
Comment 15•2 years ago
|
||
| uplift | ||
|
|
||
Updated•2 years ago
|
|
|
||
Comment 16•2 years ago
|
||
Please nominate this for ESR115 approval when you get a chance.
|
|
Assignee | |
Comment 17•2 years ago
|
||
Comment on attachment 9363341 [details]
Bug 1851441: Speculative fix for image map/html area element crash r?Jamie
ESR Uplift Approval Request
- If this is not a sec:{high,crit} bug, please state case for ESR consideration: Crash previously experienced with relatively high volume
- User impact if declined: Users will continue to experience this crash.
- Fix Landed on Version: 121
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): This change adds a null check and removes dead code.
|
|
||
Comment 18•2 years ago
|
||
Comment on attachment 9363341 [details]
Bug 1851441: Speculative fix for image map/html area element crash r?Jamie
Approved for 115.6esr.
|
|
||
Comment 19•2 years ago
|
||
| uplift | ||
|
|
||
Updated•2 years ago
|
Description
•